Provider Directories and Privacy Rights: Inherent Conflict?

New models debated at a conference.

WASHINGTON -- Provider directories are a key part of advancing healthcare reform, but concerns about the privacy of these systems continue to worry some doctors.

Industry experts and healthcare providers discussed the ongoing work in developing provider directories and their impact on caregiver information exchange at the annual Office of the National Coordinator for Health IT (ONC) conference last Tuesday.

"Say you're a doctor and I show up in Florida and I break my leg. My primary care provider is in Chicago, but [you] want to be able to communicate," said Matt Rahn, a program analyst for the ONC.

Rahn spoke to MedPage Today over the phone with a public relations person present.

Provider directories offer one solution to the problem of disparate healthcare systems, allowing physicians, nurses, and other healthcare providers to interact through a secure network.

Each provider is given a direct address that's encrypted and identity-validated, a panelist at the conference explained. Using these direct email addresses, providers can refer patients to one another and also share their records and tests.

But physicians have voiced concerns that patients could gain access to sensitive information about the doctors listed.

"Doctors, and perhaps I can generalize this to healthcare professionals in general, are not necessarily interested in having their personal information, contact information, available to the public," said David Kibbe, MD, CEO of DirectTrust and a policy adviser to the American Academy of Family Physicians, and a panelist at Tuesday's conference. "They want to be in contact, but the question now becomes do the providers in that organization have the right to have their privacy protected."

Ability to Connect

Two years ago provider directories each had their own unique implementation, said Rahn.

"They all had similar structures, but they were doing one-off approaches. So they would not be interoperable," he said. In other words, the systems didn't play well together. (Interoperability was a key topic at the conference following the announcement of the ONC's Interoperability Roadmap, 1 week earlier. )

That's when the Health IT community approached the ONC and asked for its help in establishing a single standard, Rahn said.

"And now we've converged on one with the consensus of the community," he added. It's called the IHE Health Provider Directory (IHE/HPD) standard.

In addition to setting a standard, the ONC gave the developers of these directories the choice of whether to join a federation, a network of directories, where "[r]ather than querying one specific source you're able to pull from multiple sources," said Rahn.

But other challenges remained.

Keeping Data Safe

Kibbe said that in the past, certain organizations have created direct accounts for providers and then sold the information. Those providers then stopped responding to those addresses, he said.

"If you're going to have a directory, you really want to have it be authoritative and accurate and up to date," said Kibbe. "Otherwise it's not really all that useful."

DirectTrust is an independent nonprofit trade association that includes 38 Health Information Service Providers (HISP). As CEO, Kibbe has been discussing the idea of directories with his board for the last year.

"Everybody wants the data that could be in this directory. Let's be clear about that," he said. This is valuable information, for anyone, he said, because the addresses would be accurate and active.

"The basic issue is that, that information ought not to be shared with anyone who's a third party, who's not going to use it for advancing the exchange of health information via direct."

Kibbe said his board of directors supports activities with the DirectTrust community around direct exchange. "[B]ut they have not made a final determination on whether or not DirectTrust will be offering a directory."

If such a directory were built, it would have a very clear data-sharing policy, and everyone participating would be required to sign an agreement acknowledging that policy, he said.

Beyond Search

Jeff Livesay, associate director of Michigan Health Information Network, and a panelist at the conference, had a different perspective of provider directories. Michigan's provider directory is built on a commercial, cloud-based platform, SalesForce.com.

"We took a view that the provider directory is not just a thing where you just look up information by manual search," Livesay said.

Instead of a phone book, Livesay likened his directory to "an intelligent routing table," operating according to a provider's preferences. "If a specialist works in five clinics and has five different electronic addresses, our provider directory helps manage getting the right information to that specialist in the right clinic," he told MedPage Today in an email.

In addition to direct addresses the directory links out to "active care relationships," he said. "So that information for one patient can be sent to every provider on that patient's active care team."

Livesay noted that the Michigan model, already in use, is "fully compliant" with ONC's standards.

The Future

Livesay's concept of provider directories differs from Kibbe's. Instead of a tight "in-bundled" directory, he envisions a national virtual directory, based on several large directory efforts. In theory, this would include Michigan's directory, the revised National Plan and Provider Enumeration System (NPPES), WebMD's doctors.webmd.com, The DirectTrust Directory and a few commercial directories as well as sources of licensing and credentialing information "all interconnected to each other via interfaces for updating of each other transactionally in real-time," he told MedPage Today.

The Michigan directory has already connected with NPPES and Surescripts, another large commercial directory, and regularly receives updates from Michigan state licensing sources, said Livesay, and other systems could be quickly integrated.

Asked whether this virtual directory would be public, Livesay compared the policy to that of phone books. The privacy of these direct addresses would be up to the providers and not the vendors, he said.

"Personally, my cell phone number is on the Internet -- other people prefer to keep theirs private. It's an individual choice, not a black and white policy decision in our view," he said.

As for unwanted communications, Livesay said that his company employs end-user license agreements. "If you engage in anything that remotely resembles spam, we'll just turn off your direct address and you're out of the club."

Kibbe told MedPage Today that he was reassured by this policy and still believes this system would neglect providers' privacy, instead believing everything should be public.

"I understand the world view that that comes from. It's the world view of Google and Facebook and Twitter and endless social media that take our information from us and repurpose that information and use it," he said.

The debate over provider directories is certainly not over, and Livesay believes the ONC will play a key role in furthering the discussion.

"The supportive and forward-thinking folks at the ONC have given us so much encouragement and support and some of the very best ideas for making this concept [of a national virtual directory] better and suggestions for how to help it advance."

Accessibility Statement

At MedPage Today, we are committed to ensuring that individuals with disabilities can access all of the content offered by MedPage Today through our website and other properties. If you are having trouble accessing www.medpagetoday.com, MedPageToday's mobile apps, please email legal@ziffdavis.com for assistance. Please put "ADA Inquiry" in the subject line of your email.